import { SetMetadata } from '@nestjs/common';
import { SecurityEventType, SecurityLevel } from '../entities/security-log.entity';

export interface SecurityEventMetadata {
  eventType: SecurityEventType;
  securityLevel?: SecurityLevel;
  eventTitle: string;
  eventDescription?: string;
  autoLog?: boolean;
}

export const SECURITY_EVENT_KEY = 'security_event';

/**
 * 安全事件装饰器
 * 用于标记需要记录安全事件的控制器方法
 */
export const SecurityEvent = (metadata: SecurityEventMetadata) =>
  SetMetadata(SECURITY_EVENT_KEY, metadata);

/**
 * 认证成功事件装饰器
 */
export const LogAuthSuccess = (eventTitle: string, eventDescription?: string) =>
  SecurityEvent({
    eventType: SecurityEventType.AUTH_SUCCESS,
    securityLevel: SecurityLevel.LOW,
    eventTitle,
    eventDescription: eventDescription || `用户成功执行: ${eventTitle}`,
    autoLog: true,
  });

/**
 * 认证失败事件装饰器
 */
export const LogAuthFailed = (eventTitle: string, eventDescription?: string) =>
  SecurityEvent({
    eventType: SecurityEventType.AUTH_FAILED,
    securityLevel: SecurityLevel.HIGH,
    eventTitle,
    eventDescription: eventDescription || `认证失败: ${eventTitle}`,
    autoLog: true,
  });

/**
 * 未授权访问事件装饰器
 */
export const LogUnauthorizedAccess = (eventTitle: string, eventDescription?: string) =>
  SecurityEvent({
    eventType: SecurityEventType.UNAUTHORIZED_ACCESS,
    securityLevel: SecurityLevel.HIGH,
    eventTitle,
    eventDescription: eventDescription || `未授权访问: ${eventTitle}`,
    autoLog: true,
  });

/**
 * 权限拒绝事件装饰器
 */
export const LogPermissionDenied = (eventTitle: string, eventDescription?: string) =>
  SecurityEvent({
    eventType: SecurityEventType.PERMISSION_DENIED,
    securityLevel: SecurityLevel.HIGH,
    eventTitle,
    eventDescription: eventDescription || `权限拒绝: ${eventTitle}`,
    autoLog: true,
  });

/**
 * 验证错误事件装饰器
 */
export const LogValidationError = (eventTitle: string, eventDescription?: string) =>
  SecurityEvent({
    eventType: SecurityEventType.VALIDATION_ERROR,
    securityLevel: SecurityLevel.MEDIUM,
    eventTitle,
    eventDescription: eventDescription || `验证错误: ${eventTitle}`,
    autoLog: true,
  });

/**
 * 业务错误事件装饰器
 */
export const LogBusinessError = (eventTitle: string, eventDescription?: string) =>
  SecurityEvent({
    eventType: SecurityEventType.BUSINESS_ERROR,
    securityLevel: SecurityLevel.MEDIUM,
    eventTitle,
    eventDescription: eventDescription || `业务错误: ${eventTitle}`,
    autoLog: true,
  });

/**
 * 系统错误事件装饰器
 */
export const LogSystemError = (eventTitle: string, eventDescription?: string) =>
  SecurityEvent({
    eventType: SecurityEventType.SYSTEM_ERROR,
    securityLevel: SecurityLevel.HIGH,
    eventTitle,
    eventDescription: eventDescription || `系统错误: ${eventTitle}`,
    autoLog: true,
  });

/**
 * 可疑活动事件装饰器
 */
export const LogSuspiciousActivity = (eventTitle: string, eventDescription?: string) =>
  SecurityEvent({
    eventType: SecurityEventType.SUSPICIOUS_ACTIVITY,
    securityLevel: SecurityLevel.HIGH,
    eventTitle,
    eventDescription: eventDescription || `可疑活动: ${eventTitle}`,
    autoLog: true,
  });

/**
 * 频率限制事件装饰器
 */
export const LogRateLimitExceeded = (eventTitle: string, eventDescription?: string) =>
  SecurityEvent({
    eventType: SecurityEventType.RATE_LIMIT_EXCEEDED,
    securityLevel: SecurityLevel.HIGH,
    eventTitle,
    eventDescription: eventDescription || `频率限制: ${eventTitle}`,
    autoLog: true,
  });

/**
 * SQL注入尝试事件装饰器
 */
export const LogSqlInjectionAttempt = (eventTitle: string, eventDescription?: string) =>
  SecurityEvent({
    eventType: SecurityEventType.SQL_INJECTION_ATTEMPT,
    securityLevel: SecurityLevel.CRITICAL,
    eventTitle,
    eventDescription: eventDescription || `SQL注入尝试: ${eventTitle}`,
    autoLog: true,
  });

/**
 * XSS尝试事件装饰器
 */
export const LogXssAttempt = (eventTitle: string, eventDescription?: string) =>
  SecurityEvent({
    eventType: SecurityEventType.XSS_ATTEMPT,
    securityLevel: SecurityLevel.CRITICAL,
    eventTitle,
    eventDescription: eventDescription || `XSS攻击尝试: ${eventTitle}`,
    autoLog: true,
  });
